ROUND- thoughts of splitting this into these communities, where most of our work would continue in Ecosystem and Citizen. Federal would be driven by ONC, etc…

David Kibbe (AAFP) co-chair

People are starting to call me who are interested in what we’re doing. Some may join these groups

Brett Peterson (ABILITY) co-chair

Very much in favor. Want to cover additional details to make it even clearer next week

Greg Meyer (Cerner)

From tech perspective, have nothing against it. With respect to trust circles, if HISPs are participating with both FBCA and baseline, is there any conflict there?

Inherently anyone in the FBCA trusts each other

Sean – because we can have multi-anchors, and they can be built out in the DB with flexibility in the hierarchy, this is doable. However, if you trust the FB, you can’t *exclude* someone who has a FB cert

Andy Heeren (Cerner)

Greg covered much of my thoughts.

Will participate in all communities.

Arthur Hedge (Health-ISP)

Looks good. Will need to focus on the intersections to move forward.

Maybe there is the private revocation list to maintain who you don’t trust.

John Williams (Health-ISP)

Will actively support ecosystem and citizen communities

Don Jorgenson (Inpriva)

Looking forward to day when there is public-private governance

Mark Stine (MedPlus) – no adds

Sean Nolan (Microsoft) – no adds

Umesh Madan (Microsoft) – no adds

Will Ross (RedwoodMedNet) – no adds

Gary Christensen (RIQI)

Ecosystem and Federal seems like a timing issue, as opposed to a broad divergence to implementation. By default, it seems like we’re in the ecosystem one.

In the short term, decisions seem to be around identity proofing and whether the certs root up to the FBCA

Want to continue to forge ahead

Pete Palmer (SureScripts)

Will likely focus on the Federal group

Have done a number of pilot projects with the FB

Sri Koka (TechCent)

As a HISP, if we want to add a provider, do we need to characterize them as one of these communities?

Kibbe – we have a core model emerging, where most provider will get Direct address based on their orgs contracting with a HISP. In that case, it will be up to the organization to decide whether they need to have Direct communications with Federal agencies or not. Market will likely determine if classification is needed

Greg Chittim (Arcadia / RIQI) – no adds

Pete Greaves ()

John Odden ()

Like the three communities. Plus some tech evangelism is what we need

Being able to explain to the HC community is key to our success

(Brett Peterson) High level overview of wiki changes planned for early next week

In the next week, planning to restructure the wiki beginning of next week to support the three communities

Now have a consensus statement and a charter statement

Future

Move much of intro info from consensus statement to communities top level page

Each community wiki page will have 5 common sections

Intro

PKI/Security policy

HIDP policy

HISP policy

Governance

Move existing consensus statement to Ecosystem community page

Gary – this starts to institutionalize divergence. Other than the question of where cert ends up, is there really going to be much difference?

Kibbe – need a way to put the Federal community on a shelf that we look at every once in a while, but there is a long process of regulatory and NPRMs – too much uncertainty about where that will end up. If we want to get on with best practices for other communities, we don’t want to be blocked by this

(Gary Christensen) Overview of RIQI progress

We’re moving ahead very directly.

Down to the detailed operational level.

We’re making sure that we’re doing are in line with this group. Much of what we thought was important has ended up in the consensus statement

Planning to issue RFP for CA in the coming weeks.

Documenting detailed workflows. Planning to share with this group.

One of our absolute cardinal rules is vanilla, industry standards. Don’t want anything that is a RI-specific way to do this. There may be some differences than from what people do now, but no underlying constructs that go against trends.

Organization vs. individual certificates – most of our thinking has focused on the latter. Don’t think there’s much difference, but we’re circling back to confirm.

Kibbe – organization certificates have some HIPAA implications

Kibbe – are you part of 10 state consortium dealing with some of these issues? Same group as the one doing EHR consolidation. They are figuring out how to standardize the Direct implementations. If you’re not in that group then you should be.